The EICAR Encoder - Metasploit
This page contains detailed information about how to use the encoder/generic/eicar Metasploit module. For a list of all Metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: The EICAR Encoder
Module: encoder/generic/eicar
Source code: modules/encoders/generic/eicar.rb
Disclosure date: -
Last modification time: 2017-07-24 06:26:21 +0000
Supported architecture(s): x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r
Supported platform(s): All
Target service / protocol: -
Target network port(s): -
List of CVEs: -
This encoder merely replaces the given payload with the EICAR test string. Note, this is sure to ruin your payload. Any content-aware firewall, proxy, IDS, or IPS that follows anti-virus standards should alert and do what it would normally do when malware is transmitted across the wire.
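A receiving-side check for the behaviour described above, as an added example (not code from the Metasploit module or project): it classifies captured bytes as a conforming EICAR test file, a non-conforming occurrence of the string, or absent, which helps explain why an inspection device did or did not alert. The function name `classify_capture`, the verdict symbols and the sample buffers are assumptions constructed for illustration.

```ruby
# Added example, not Metasploit code: classify captured bytes against the
# EICAR test-file definition so a present or missing alert can be explained.

# The 68-byte test string, joined from pieces so that this script is not
# itself quarantined by an on-access scanner.
EICAR = ['X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR', 'STANDARD', 'ANTIVIRUS',
         'TEST', 'FILE!$H+H*'].join('-').b.freeze

# Trailing bytes the definition tolerates: space, tab, LF, CR, Ctrl-Z.
ALLOWED_TRAILER = [0x20, 0x09, 0x0a, 0x0d, 0x1a].freeze
MAX_FILE_SIZE = 128 # a conforming file is at most 128 bytes in total

# Returns [verdict, offsets] (names are hypothetical, chosen for this example):
#   :eicar_file          - conforming test file; AV engines are expected to flag it
#   :eicar_nonconforming - string present but embedded in other data or oversized;
#                          an alert depends on the product matching mid-stream
#   :absent              - string not present
def classify_capture(bytes)
  data = bytes.b
  offsets = []
  pos = 0
  while (hit = data.index(EICAR, pos))
    offsets << hit
    pos = hit + 1
  end
  return [:absent, offsets] if offsets.empty?

  trailer = data.byteslice(EICAR.bytesize, data.bytesize)
  strict = offsets.first.zero? && data.bytesize <= MAX_FILE_SIZE &&
           trailer.each_byte.all? { |b| ALLOWED_TRAILER.include?(b) }
  [strict ? :eicar_file : :eicar_nonconforming, offsets]
end

# Constructed sample inputs (not captured traffic).
SAMPLES = {
  'bare file'        => EICAR + "\r\n",
  'inside HTTP body' => "POST /x HTTP/1.1\r\nContent-Length: 68\r\n\r\n" + EICAR,
  'oversized file'   => EICAR + (' ' * 100),
  'unrelated data'   => "\x90" * 32
}.freeze

if $PROGRAM_NAME == __FILE__
  SAMPLES.each do |name, buf|
    verdict, offsets = classify_capture(buf)
    puts format('%-18s %-20s offsets=%s', name, verdict, offsets.inspect)
  end
end
```

A `:eicar_nonconforming` verdict with no corresponding alert points at a product that only matches whole conforming files, not at a broken sensor.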
Module Ranking and Traits
Module Ranking:
- manual: The exploit is unstable or difficult to exploit and is basically a DoS. This ranking is also used when the module has no use unless specifically configured by the user (e.g.: exploit/windows/smb/psexec). More information about ranking can be found here.
Basic Usage
msf > use encoder/generic/eicar
msf encoder(eicar) > show targets
... a list of targets ...
msf encoder(eicar) > set TARGET target-id
msf encoder(eicar) > show options
... show and set options ...
msf encoder(eicar) > exploit
Msfconsole Usage
Here is how the encoder/generic/eicar module looks in the msfconsole:
msf6 > use encoder/generic/eicar
msf6 encoder(generic/eicar) > show info
Name: The EICAR Encoder
Module: encoder/generic/eicar
Platform: All
Arch: x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r
Rank: Manual
Provided by:
todb <[email protected]>
Description:
This encoder merely replaces the given payload with the EICAR test
string. Note, this is sure to ruin your payload. Any content-aware
firewall, proxy, IDS, or IPS that follows anti-virus standards
should alert and do what it would normally do when malware is
transmitted across the wire.
Module Options
This is a complete list of options available in the encoder/generic/eicar module:
msf6 encoder(generic/eicar) > show options
Module options (encoder/generic/eicar):
   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------
Advanced Options
Here is a complete list of advanced options supported by the encoder/generic/eicar module:
msf6 encoder(generic/eicar) > show advanced
Module advanced options (encoder/generic/eicar):
   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   VERBOSE    false            no        Enable detailed status messages
   WORKSPACE                   no        Specify the workspace for this module
Related Pull Requests
- #8716 Merged Pull Request: Print_Status -> Print_Good (And OCD bits 'n bobs)
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #6648 Merged Pull Request: Change metasploit class names
- #3196 Merged Pull Request: Spelling and grammar on new release modules
- #3168 Merged Pull Request: Eicar update
See Also
See also the following related modules:
- encoder/generic/none
- encoder/cmd/generic_sh
- exploit/unix/webapp/generic_exec
- exploit/windows/http/generic_http_dll_injection
- exploit/windows/smb/generic_smb_dll_injection
- nop/cmd/generic
- nop/php/generic
- nop/tty/generic
- payload/cmd/mainframe/generic_jcl
- payload/cmd/unix/generic
- payload/cmd/windows/generic
- payload/cmd/windows/powershell/generic/debug_trap
- payload/cmd/windows/powershell/generic/tight_loop
- payload/generic/custom
- payload/generic/debug_trap
- payload/generic/shell_bind_tcp
- payload/generic/shell_reverse_tcp
- payload/generic/ssh/interact
- payload/generic/tight_loop
Authors
todb
Version
This page has been produced using Metasploit Framework version 6.2.1-dev. For more modules, visit the Metasploit Module Library.